“KANAVA S.A.” (hereinafter referred to as “KANAVA”, “Company”, “Data Controller”, “we”), in accordance to Regulation (EU) 2016/679 (hereinafter referred to as “GDPR”) and the relevant data protection legislation, in its identity as Data Controller, informs the natural persons who visit our rooms and hotels (hereinafter referred to as “Data Subjects”, “you”) of the following: by virtue of 1881/20.05.2020 Ministerial Decision and following amending circulars, the Company is required to collect your personal data in order to be able to identify and communicate with close contacts of potential COVID-19 incidents. The personal data are legally processed for the protection of your, our other visitors’ and our employees’ health. We shall retain them for five (5) years from the day we collect them, in accordance to our Retention Policy. The legal basis for the process is our legal obligation towards the hygiene and health in our premises and the protection of public health. The personal data we collect for the above-mentioned reasons are your name and last name, nationality, date of arrival and date of departure, telephone, home address, and email address. The data may be shared with the competent public authorities, as provided by law. You have the right of access, rights to rectification, erasure, restriction of processing, portability and object which you may exercise by contacting our Data Protection Officer (DPO) via email to the address firstname.lastname@example.org. In case you find that our reply is not to your satisfaction, you may lodge a complaint with the Hellenic Data Protection Authority (http://www.dpa.gr), 1-3 Kifisias Ave., P.C. 115 23, Athens, tel. +30-210 6475600.